SBS - The Best Value in QMS software

Do we need a Risk Register for ISO 9001:2015

Z

zoolieu

#1
It appears that a "risk register" is not required for ISO 9001:2015.
We always post issues, situations, risks, concerns and potential problems on a large dry erase board so that the issues do not get forgotten.
Would it also be necessary to draft a register to house these risks and resolutions in?
We have our audit in 3 weeks.
On a side note - we are a distributor (not MFG) and very small company of 5
 
Elsmar Forum Sponsor
B

BoardGuy

#2
Although 6.1 specifies that the organization shall plan action to address risk there is:

a) No requirement for formal methods for risk management
b) No requirement to document risk management process
c) No requirement to retain documented information as evidence of determination of risks.

This part of the Standard has developed in to a cottage industry of risk based thinking gurus that could lead you in to performing FMEAs for all process. We developed a simple spreadsheet that addresses both Section 4 and 6.1 requirements. Our spreadsheet looks at:

a) Interested parties and their reason for interest
b) Internal issues of concern
c) External issues of concern
e) Organizational risks and how they are addressed

In the end you should not just create something to address 6.1. You should develop needed information that is helpful to top management and the organization.
 
Z

zoolieu

#3
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
 

Kronos147

Trusted Information Resource
#4
At our shop, we found something we already capture, NCR's, in our NCR log, and added an NCR classification, Risk.

We look to see what methods we already have and expand upon them as opposed to develop new processes.

We also have a quote review checklist. We added a section to document Risks.

We have a process to qualify vendors and issue PO's. We integrated risk management.
 
B

BoardGuy

#5
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
 
Z

zoolieu

#6
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
 
J

Jim Green

#7
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
I am not an expert, but I would keep it in an electronic folder. Then present hard copy during Mgr Review. That way it's covered.

In my experience, the more you have presented in Mgr Review, the more efficient and easy your external/3rd party audits tend to be.

I am going to start off very simple at first. Trying to capture major processes, and see how it goes.
 
Z

zoolieu

#8
So - I have a bit to add that I hope will deem helpful.
You do NOT have to have a "register" per se, but you do need to have a MR, so that all has to be integrated. We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
 

Mark Meer

Trusted Information Resource
#9
We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
I would strongly suggest moving this activity to a shared document/spreadsheet, instead of a dry-erase board. ISO requirements aside, I think it's important to have some lasting record of activities you do... it makes it easier to look back later and make decisions based on past activities.

Google Docs is a good possibility as it is free, any number of people can collaborate simultaneously, and revision histories are maintained.

If people are at their computers daily, you could set it to people's home-page, thus (more-or-less) ensuring that everyone sees it daily...
 

dsanabria

Quite Involved in Discussions
#10
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
You could do a "PM" Private Message and not make your documentation to the whole world - thus not violating proprietary laws because no one will know or find out. :cool:
 
Thread starter Similar threads Forum Replies Date
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 10
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
V How to Publish/Convince Stake Holders about need/utility of Risk Management Systems FMEA and Control Plans 6
S Do HF Accessories need to perform a Risk Management Process of 60601-1:2005? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
D PA, CA and Risk-Based Decision Making - Need Input Preventive Action and Continuous Improvement 7
W Need risk acceptance policy/criteria ISO 14971 - Medical Device Risk Management 3
A ISO14971:2001 - Risk Management for Medical Devices - Help need copy ISO 14971 - Medical Device Risk Management 10
R Reduce the need for authorisation of low risk changes Document Control Systems, Procedures, Forms and Templates 3
G Need journal and reference of abnormal bar chart SPC Statistical Analysis Tools, Techniques and SPC 3
MSeibert47 Daily Quality Topics - Need Ideas Please! Food Safety - ISO 22000, HACCP (21 CFR 120) 15
W Do Reference materials for IATF need to be 17025? IATF 16949 - Automotive Quality Systems Standard 15
D Need some Help on 8D fault tree analysis Problem Solving, Root Cause Fault and Failure Analysis 6
A Need to calculate tolerance Intervals with a set of non-normal data and 3-Parameter Weibull distribution Using Minitab Software 0
F Need Quality Manager advice. Quality Manager and Management Related Issues 6
T Do we need an SOP for ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
B Do CTQs need to be equipment specific? FMEA and Control Plans 8
K Contract Manufacturer Do they need a complaint procedure? Medical Device and FDA Regulations and Standards News 8
K Screen printing ink and machine selection_ Need help Manufacturing and Related Processes 6
D Do employee training records need to be centralized? IATF 16949 - Automotive Quality Systems Standard 10
H Need of EU Representative Designation for Turkey? EU Medical Device Regulations 3
H If we use agile - do we still need to document TF as a waterfall just for the notified bodies need? IEC 62304 - Medical Device Software Life Cycle Processes 2
briteme4 AS9102 First Article Inspection - do I need a second reviewer and signer? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
J Furnace repaired - Do I need a new initial TUS? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B Does FDA Registration QSR need to cover non-medical devices for contract repackager? US Food and Drug Administration (FDA) 1
S Need ISO 15189:2012 Documentation toolkit. Document Control Systems, Procedures, Forms and Templates 0
J Need a contract monitoring Tool General Information Resources 0
P UDI-PI requirements on reusable surgical device, do we need serialisation? ISO 13485:2016 - Medical Device Quality Management Systems 3
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 7
W 17025 and NIST handbook relationship (need advice) ISO 17025 related Discussions 8
lanley liao Does all of the suppliers need to integrated into the supplier list qualified of the company? Oil and Gas Industry Standards and Regulations 2
K Need procedure for D&D inputs? ISO 13485:2016 - Medical Device Quality Management Systems 4
S Need help on "Country of Origin" Medical Device and FDA Regulations and Standards News 0
Ed Panek Immediate need for 80601-2-56 Consulting expert. PM me for details Career and Occupation Discussions 0
Tagin You're Gonna Need a Bigger Root Cause Coffee Break and Water Cooler Discussions 12
M PSA Suppliers - CSR matrix and need the quality manual of PSA APQP and PPAP 6
K Interesting Discussion "World Class Product" based QM. I need advice. Quality Management System (QMS) Manuals 14
I Do I need to sign off my annual audit calendar? Internal Auditing 2
P Do we need to retrospectively use the "MD" symbol (indicating device is a medical device) on labels, e.g. finished devices within expiration date? EU Medical Device Regulations 2
M Do I need separation in my circuit with a medical charger? IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
V Certified Auditor - Need of additional certification specific to industry ( GMPs) ASQ vs ECA vs others Professional Certifications and Degrees 1
A Medical Device Contract Manufacturer - Does the CM need to register with FDA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
J Records Control - Does each individual record need to be numbered? Records and Data - Quality, Legal and Other Evidence 2
N Is there a need for clinical test of Class IIa products (for MDR)? EU Medical Device Regulations 2
J Do Software Subcontractors need to be ISO13485 compliant in the EU? EU Medical Device Regulations 3
K Do I need a "State of the art" plan? CE Marking (Conformité Européene) / CB Scheme 1
S Need advice for schooling Quality Manager and Management Related Issues 5
R What information do i need to get from the device manufacturer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0

Similar threads

Top Bottom